Report on Digital Certificates about to Expire

Document ID : KB000020327
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

What report will list Digital Certificates that will expire within a specified number of days?

Solution:

The CA-Top Secret Report & Tracking Guide:

SAFCRRPT Utility

------------------------

About the Certificate Utility

--------------------------------------

Use the Certificate Utility to display the certificate hierarchy in your database. Optionally, it will display each certificate, its signing

certificate, the certificates that it has signed, and all of the information provided with the CHKCERT and LIST commands. Execution of

SAFCRRPT requires a region size of 1500K.

You can tailor the output to display certificates:


 * For a specified user       
 * For a specified key ring 
 * That have not expired
 * That have a key in ICSF
 * That are currently trusted
 * That will expire within a specified number of days

EDAYS(expire days) - Specifies that only certificates that expire within the specified number of days are displayed.

Range: 1 to 365

The following is sample JCL to run the certificate utility. This JCL is found in the CAI.CAKOJCL0 file on the distribution tape. The member name is

CERTUTIL:

 //SAFRPTCR EXEC PGM=SAFCRRPT,PARM='TITLE(Certificate detailed report)'       
 //STEPLIB DD DISP=SHR,DSN=CAI.CAKOLINK 
 //SYSUDUMP DD SYSOUT=*
 //SYSPRINT DD SYSOUT=*
 //SYSIN DD *
 RECORDID(-) EDAYS(90) DETAIL TITLE('TEST EDAYS')